Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31046 | 1 Typo3 | 1 Typo3 | 2022-06-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users. | |||||
| CVE-2021-30338 | 1 Qualcomm | 4 Sd850, Sd850 Firmware, Sdxr1 and 1 more | 2022-06-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Compute | |||||
| CVE-2022-32230 | 1 Microsoft | 3 Windows 10, Windows 11, Windows Server 2019 | 2022-06-23 | 7.8 HIGH | 7.5 HIGH |
| Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot. | |||||
| CVE-2022-32240 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-32242 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-32241 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-32243 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-36901 | 1 Asylumdigital | 1 Age Gate | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress. | |||||
| CVE-2022-32363 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/view_category.php?id=. | |||||
| CVE-2022-32362 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_category.php?id=. | |||||
| CVE-2022-32355 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/view_product&id=. | |||||
| CVE-2022-32354 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-32353 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_field_order.php?id=. | |||||
| CVE-2022-20132 | 1 Google | 1 Android | 2022-06-23 | 4.9 MEDIUM | 4.6 MEDIUM |
| In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel | |||||
| CVE-2022-31041 | 1 Maykinmedia | 1 Open Forms | 2022-06-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users (e.g. only PDF / Excel / ...). The input validation of uploaded files is insufficient in versions prior to 1.0.9 and 1.1.1. Users could alter or strip file extensions to bypass this validation. This results in files being uploaded to the server that are of a different file type than indicated by the file name extension. These files may be downloaded (manually or automatically) by staff and/or other applications for further processing. Malicious files can therefore find their way into internal/trusted networks. Versions 1.0.9 and 1.1.1 contain patches for this issue. As a workaround, an API gateway or intrusion detection solution in front of open-forms may be able to scan for and block malicious content before it reaches the Open Forms application. | |||||
| CVE-2022-20134 | 1 Google | 1 Android | 2022-06-23 | 7.2 HIGH | 7.8 HIGH |
| In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-218341397 | |||||
| CVE-2022-20129 | 1 Google | 1 Android | 2022-06-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-217934478 | |||||
| CVE-2022-20130 | 1 Google | 1 Android | 2022-06-23 | 10.0 HIGH | 9.8 CRITICAL |
| In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979 | |||||
| CVE-2021-40212 | 1 Daum | 1 Potplayer | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.21523 build 210729 may lead to code execution, information disclosure, and denial of service. | |||||
| CVE-2022-20127 | 1 Google | 1 Android | 2022-06-23 | 10.0 HIGH | 9.8 CRITICAL |
| In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221862119 | |||||